Beispiel #1
 /**
  * Return the CSRF token of a freshly created BaseForm.
  *
  * @return string The token reported by the form, or an empty string when
  *                the form says CSRF protection is not enabled
  */
 public static function getToken()
 {
     $csrfForm = new BaseForm();

     // An empty string means "protection is off", not "empty token".
     // Callers that embed the result in a request should treat it as such.
     return $csrfForm->isCSRFProtected() ? $csrfForm->getCSRFToken() : '';
 }
/**
 * Build the jQuery source for an Ajax request from a configuration array.
 *
 * Keys read directly here (the whole array is also handed to ui_ajax_pattern()):
 *  - frequency: cast to int and multiplied by 1000, used as the setInterval() delay
 *  - condition, onFailureCondition: copied verbatim into an if(...){...} else {...} wrapper
 *  - confirmation, onNoConfirmation: message for confirm('...') and the else branch
 *  - csrf: when truthy and the form is CSRF protected, the token is merged into 'data'
 *  - listener: array with optional 'selector' (default 'document') and 'event' (default 'ready')
 *
 * Security note: condition, onFailureCondition and onNoConfirmation are emitted
 * as JavaScript source, and confirmation is placed inside a single-quoted
 * JavaScript string literal. None of them is escaped in this function, so they
 * must never carry request-derived data unless the caller has escaped it for
 * that context.
 *
 * @param array $configurations A set of key/value pairs that configure the
 * default Ajax request. A frequency value makes the Ajax call run periodically
 * @param boolean $isInternal Whether the result is placed inside an existing JavaScript body
 * @return string jQuery syntax; nothing is returned (null) when $configurations
 * is not a non-empty array
 */
function jquery_ajax($configurations = null, $isInternal = false)
{
    if (is_array($configurations) && sizeof($configurations) > 0) {
        // Naming caveat: $suffix is the text emitted BEFORE the Ajax call and
        // $prefix the text emitted AFTER it (see the return statements below).
        $suffix = '';
        $prefix = '';
        if (isset($configurations['frequency'])) {
            $suffix = 'setInterval(function(){';
            // The int cast keeps anything but a number out of the generated delay.
            $prefix = '}, ' . (int) $configurations['frequency'] * 1000 . ')';
        }
        if (isset($configurations['condition']) && trim($configurations['condition']) != '') {
            // Both values are inserted as raw JavaScript code, not as data.
            $prefix = isset($configurations['onFailureCondition']) ? sprintf('} else {%s} ', $configurations['onFailureCondition']) . $prefix : '}' . $prefix;
            $suffix .= sprintf("if(%s){ ", $configurations['condition']);
        }
        if (isset($configurations['confirmation']) && trim($configurations['confirmation']) != '') {
            $prefix = isset($configurations['onNoConfirmation']) ? sprintf('} else {%s} ', $configurations['onNoConfirmation']) . $prefix : '}' . $prefix;
            // NOTE(review): the message lands inside confirm('...') unescaped; a quote,
            // backslash or line break in it ends the string literal. Escape it for a
            // JavaScript string before passing it in.
            $suffix .= sprintf("if(confirm('%s')){ ", $configurations['confirmation']);
        }
        if (isset($configurations['csrf']) && $configurations['csrf']) {
            $sfForm = new BaseForm();
            if ($sfForm->isCSRFProtected()) {
                // The token is wrapped in single quotes, presumably because
                // ui_ajax_pattern() writes data values out as JavaScript expressions
                // (TODO confirm). It ends up readable in the page source.
                $csrfArray = array($sfForm->getCSRFFieldName() => "'" . $sfForm->getCSRFToken() . "'");
                // array_merge() requires an existing 'data' entry to be an array.
                $configurations['data'] = isset($configurations['data']) ? array_merge($configurations['data'], $csrfArray) : $csrfArray;
            }
        }
        if (isset($configurations['listener']) && is_array($configurations['listener'])) {
            $listener = $configurations['listener'];
            $selector = isset($listener['selector']) ? $listener['selector'] : 'document';
            $event = isset($listener['event']) ? $listener['event'] : 'ready';
            $ajaxTemplate = ui_ajax_pattern($configurations);
            if ($isInternal) {
                // NOTE(review): $suffix is emitted twice here (outside and inside the
                // handler) while $prefix appears only inside; confirm this is intended.
                return $suffix . jquery_support($selector, $event, like_function($suffix . jquery_support(null, 'ajax', $ajaxTemplate) . $prefix));
            } else {
                return add_jquery_support($selector, $event, like_function($suffix . jquery_support(null, 'ajax', $ajaxTemplate) . $prefix));
            }
        } else {
            // No listener: return the wrapped Ajax call directly.
            $ajaxTemplate = ui_ajax_pattern($configurations);
            return $suffix . jquery_support(null, 'ajax', $ajaxTemplate) . $prefix;
        }
    }
}
 /**
  * Validate the CSRF token submitted with the current request.
  *
  * A fresh BaseForm is bound to the request parameter named after the form's
  * CSRF field. When the form reports that CSRF protection is off, it is bound
  * to an empty array instead.
  *
  * @throws mixed The form's error schema, thrown as-is when validation fails
  */
 public function checkCSRFProtection()
 {
     $csrfForm = new BaseForm();

     $submitted = array();
     if ($csrfForm->isCSRFProtected()) {
         $fieldName = $csrfForm->getCSRFFieldName();
         $submitted[$fieldName] = $this->getParameter($fieldName);
     }

     $csrfForm->bind($submitted);

     if ($csrfForm->isValid()) {
         return;
     }

     // Fail closed: an invalid or missing token aborts the action.
     throw $csrfForm->getErrorSchema();
 }
            <li><?php echo link_to(__('Restore'), 'sfSimpleBlogPostAdmin/restoreVersion?id='.$version->getId().'&version='.$version->getVersion(), array('confirm' => __('Are your sure?'), 'method' => 'put')) ?></li>
            <li><?php echo link_to(__('Delete'), 'sfSimpleBlogPostAdmin/deleteVersion?id='.$version->getId().'&version='.$version->getVersion(), array('confirm' => __('Are your sure?'), 'method' => 'delete')) ?></li>
          </ul>
        </td>
      </tr>
    </tbody>
  <?php endforeach; ?>
    <tfoot>
      <tr>
        <th colspan="5">&nbsp</th>
      </tr>
    </tfoot>
  </table>
  </fieldset>
  <?php if (count($versions) > 0): ?>
    <?php $form = new BaseForm(); if ($form->isCSRFProtected()): ?>
      <input type="hidden" name="<?php echo $form->getCSRFFieldName() ?>" value="<?php echo $form->getCSRFToken() ?>" />
    <?php endif; ?>
    <input type="submit" value="Delete Versions" />
  <?php endif; ?>
  </form>
  
</div>
<script type="text/javascript">
/* <![CDATA[ */
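/**
 * Copy the state of the master checkbox (#sf_admin_list_batch_checkbox) onto
 * every input of type "checkbox" whose class is exactly
 * "sf_admin_batch_checkbox".
 *
 * Always returns true.
 */
function checkAll()
{
  var boxes = document.getElementsByTagName('input');
  for (var index = 0; index < boxes.length; index++) {
    // Declared locally. Assigning to an undeclared `box` would create an
    // implicit global, and throws a ReferenceError in strict mode.
    var box = boxes[index];
    if (box.type == 'checkbox' && box.className == 'sf_admin_batch_checkbox') {
      box.checked = document.getElementById('sf_admin_list_batch_checkbox').checked;
    }
  }
  return true;
}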
/* ]]> */
</script>
/**
 * Build the inline JavaScript that turns a link click into a form submission.
 *
 * The generated script creates a hidden POST form whose action is the link's
 * href. For any method other than "post" it adds an "sf_method" field carrying
 * the lower-cased method. When BaseForm reports CSRF protection it also adds
 * the CSRF field, then submits the form.
 *
 * The lower-cased method, the CSRF field name and the CSRF token are placed
 * inside single-quoted JavaScript string literals without escaping, so
 * $method must not come from request data.
 *
 * @param string $method HTTP method to emulate (compared case-insensitively)
 * @return string JavaScript statements
 */
function _method_javascript_function($method)
{
    $verb = strtolower($method);
    $hiddenInput = "var m = document.createElement('input'); m.setAttribute('type', 'hidden'); ";

    $parts = array(
        "var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'post'; f.action = this.href;",
    );

    // Browsers only submit GET/POST, so other verbs travel in sf_method.
    if ($verb !== 'post') {
        $parts[] = $hiddenInput;
        $parts[] = sprintf("m.setAttribute('name', 'sf_method'); m.setAttribute('value', '%s'); f.appendChild(m);", $verb);
    }

    // CSRF protection: the generated form carries the token like a rendered form would.
    $csrfForm = new BaseForm();
    if ($csrfForm->isCSRFProtected()) {
        $parts[] = $hiddenInput;
        $parts[] = sprintf("m.setAttribute('name', '%s'); m.setAttribute('value', '%s'); f.appendChild(m);", $csrfForm->getCSRFFieldName(), $csrfForm->getCSRFToken());
    }

    $parts[] = "f.submit();";

    return implode('', $parts);
}
Beispiel #6
        <option value="batchDelete"><?php 
        echo __('Delete', array(), 'sf_admin');
        ?>
</option>
      <?php 
    }
    ?>
 
      
      <?php 
    $form = new BaseForm();
    ?>
 
      
      <?php 
    if ($form->isCSRFProtected()) {
        ?>
        <input type="hidden" name="<?php 
        echo $form->getCSRFFieldName();
        ?>
" value="<?php 
        echo $form->getCSRFToken();
        ?>
" />
      <?php 
    }
    ?>

      <input type="submit" value="<?php 
    echo __('go', array(), 'sf_admin');
    ?>
 /**
  * Get the CSRF token, resolving it on first use.
  *
  * The first call (while $this->csrfToken is null) sets both
  * $this->csrfToken and $this->csrfField to false. If a new BaseForm reports
  * CSRF protection, they are then replaced with the form's token and field
  * name. Later calls return the cached value.
  *
  * @return  string|false    CSRF token string, or false when the form is not
  *                          CSRF protected; compare with === false
  */
 public function getCsrfToken()
 {
     // Already resolved (false is a valid cached result).
     if ($this->csrfToken !== null) {
         return $this->csrfToken;
     }

     $this->csrfField = false;
     $this->csrfToken = false;

     $csrfForm = new BaseForm();
     if ($csrfForm->isCSRFProtected()) {
         $this->csrfToken = $csrfForm->getCSRFToken();
         $this->csrfField = $csrfForm->getCSRFFieldName();
     }

     return $this->csrfToken;
 }